When looking at digital transformation, two WAN technologies have been making headlines: 5G and SASE. While 5G delivers a more agile form of WAN connectivity, SASE (Secure Access Service Edge) represents a convergence of WAN networking and security. But what happens when these two transformative technologies intersect?
With SASE finally becoming mainstream, most solutions address use cases that support fixed sites and remote work. WAN connectivity is predominately wired broadband, and if cellular is part of the network, it is often there as a failover connection.
Now, 5G is delivering the performance that organizations require for connectivity, creating a greater emphasis on leveraging it as the primary WAN connection. 5G connectivity can extend beyond branch offices, out to vehicle fleets, distributed IoT devices, and even to remote workers in areas not adequately served by wired broadband. This extended network environment is more dynamic and distributed, enabling mobile endpoints, which requires an advanced SASE solution that is uniquely tailored for cellular-wide area networking.
Exploring the difference between 5G and wired broadband
There are numerous ways that 5G WANs differ from wired WANs:
- Support for mobile locations like providing WAN connectivity for vehicles, which are moving in and out of coverage areas, versus fixed locations such as branches.
- Variable bandwidth. In a wired network, a 1 Gig link is a 1 Gig link. In 5G today, the concept of fixed bandwidth doesn’t exist. Bandwidth fluctuates constantly based on the signal strength and quality coming from the connected cell tower.
- Metered links. In a 5G network, most of the links have data plans associated with them. In many countries, cellular data plans are moving toward “all you can consume,” however, when this is not the case, tracking data plan usage and preserving valuable bandwidth become very important.
- QoS. Providing differentiated services in a 5G network is unique. Like Differentiate Services Code Points (DSCP) in an IP network, 5G networks have a 5QI value to support QoS across a connection. Things get even more interesting in the next 5G wave, called 5G standalone (SA) networks, where organizations can take advantage of true differentiated services through network slicing.
- Visibility and troubleshooting. When WAN connectivity is delivered “through the air,” without the right visibility deep into the cellular network, troubleshooting network issues can be very complex.
What adaptations does SASE need for supporting 5G?
To address the five key differences discussed above, Cradlepoint has designed several networking and security optimizations into our NetCloud SASE solution. Customers gain operational efficiency (consuming minimal bandwidth) and cost-effectiveness (preserving customers’ data plans) over the hybrid LTE and 5G networks of today — as well as the 5G SA networks of tomorrow.
SD-WAN adaptations include:
- Consideration of cellular-centric measurements for traffic steering: While most SASE/SD-WAN vendors consider latency, loss, and jitter when making traffic steering decisions, NetCloud SASE also considers cellular-centric metrics, such as available bandwidth and data plan usage when making traffic steering decisions.
- Use of in-line traffic for WAN performance measurements: While most SASE/SD-WAN vendors flood the network with synthetic traffic to calculate WAN performance measurements, Cradlepoint efficiently leverages in-line traffic to preserve customers’ data plans, while also providing increased accuracy.
- Support for 5G SA network slicing: Cradlepoint is the only SASE/SD-WAN vendor to successfully demonstrate the ability to traffic steer different categories of applications into the most appropriate 5G SA network slice in a site-to-site implementation across a 5G standalone network. For future proofing, select Cradlepoint modems are now capable of supporting eight network slices, as defined by the 5G SA network core.
Security adaptations include:
- Efficient tunneling: Most SASE/SD-WAN vendors rely on IPsec tunnels to secure WAN transport infrastructure. However, if the application is already encrypted, the traffic is then double encrypted across the WAN — negatively impacting performance and bandwidth consumption. Cradlepoint zero trust network access (ZTNA) leverages a micro-tunnel architecture for client connectivity, which improves performance and bandwidth utilization without compromising security.
- SIM as the root of trust: As 5G adoption continues to accelerate, more endpoints (user laptops as well as IoT devices) will be connected via SIM cards. SIM authentication is highly secure and can be leveraged as an identity source for a security policy. It can provide a robust and simple way to secure end devices (managed and unmanaged) without requiring complex agents or clients.
- Seamless roaming across public and private 5G networks: Leveraging SIM authentication as part of the enterprise security policy will allow for seamless roaming of SIM-based devices across public and private 5G networks. This allows these devices to move between private 5G industrial areas and the macro 5G networks without losing its security policy.
Management and visibility adaptations include:
- Cellular analytics and troubleshooting tools: Most SASE solutions do not provide adequate visibility into the cellular network. Cradlepoint NetCloud SASE offers deep visibility that includes cellular coverage mapping, live views of cellular health, and a cellular-centric AIOps dashboard that performs root cause analysis for more efficient troubleshooting.
Cradlepoint believes that 5G and SASE adoption will continue to accelerate, and as these innovative technologies intersect, the right SASE solution is required for optimal performance, bandwidth efficiency, and cost savings.
Learn more about NetCloud SASE and watch Cradlepoint’s SASE demo.